Exploited
CWE: 77, 78, 79

CVE-2019-3929: Crestron Multiple Products Command Injection Vulnerability

First published: Tue Apr 30 2019

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

Credit: vulnreport@tenable.com

| Affected Software | Affected Version |
|---|---|
| Crestron AM-100 firmware | =1.6.0.2 |
| Crestron AM-101 firmware | =2.7.0.2 |
| Barco wePresent WiPG-1000P firmware | =2.3.0.10 |
| Barco wePresent WiPG-1600W firmware | <2.4.1.19 |
| Extron Sharelink 200 Firmware | =2.0.3.4 |
| Extron Sharelink 250 Firmware | =2.0.3.4 |
| Teqavit Wips710 Firmware | =1.1.0.7 |
| SHARP PN-L703WA firmware | =1.4.2.3 |
| Optoma WPS-Pro firmware | =1.0.0.5 |
| Blackbox Hd Wireless Presentation System Firmware | =1.0.0.5 |
| InFocus LiteShow3 firmware | =1.0.16 |
| Infocus Liteshow4 Firmware | =2.0.0.7 |
| Crestron Multiple Products | |


Frequently Asked Questions

  • What is CVE-2019-3929?

    CVE-2019-3929 is a command injection vulnerability affecting multiple products including Crestron AM-100, Crestron AM-101, Barco wePresent WiPG-1000P, Barco wePresent WiPG-1600W, Extron ShareLink 200/250, Teq AV IT WIPS710, SHARP PN-L703WA, and Optoma WPS-Pro.

  • How severe is CVE-2019-3929?

    CVE-2019-3929 has a severity rating of 9.8 (Critical).

  • Which products are affected by CVE-2019-3929?

    The products affected by CVE-2019-3929 are Crestron AM-100, Crestron AM-101, Barco wePresent WiPG-1000P, Barco wePresent WiPG-1600W, Extron ShareLink 200/250, Teq AV IT WIPS710, SHARP PN-L703WA, and Optoma WPS-Pro.

  • How can I fix the CVE-2019-3929 vulnerability?

    To fix the CVE-2019-3929 vulnerability, users should apply the latest firmware updates provided by the respective vendors.

  • Where can I find more information about CVE-2019-3929?

    You can find more information about CVE-2019-3929 at the following references: [1] [2] [3].
